
Configure PRTG Network Monitor

The document provides configuration details for monitoring network traffic using PRTG Network Monitor. It includes definitions for custom NetFlow channels to classify traffic by protocol and port numbers into categories like torrents, file serving, mail, and infrastructure. It also provides SNMP and WMI configuration for specific devices, and notes on using Paessler testers to validate the monitoring of protocols.

Uploaded by

petrygreen
Copyright
© Attribution Non-Commercial (BY-NC)

Configure PRTG Network Monitor

Windows Management Instrumentation (Workgroup)


• Windows 7
I enabled the predefined WMI rule in the firewall. The DCOM and WMI permissions were left at their defaults.
I disabled "remote UAC filtering" with:
cmd /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f
See also the document illustrating Remote WMI to a Workgroup Server - works partially, still receiving denials.
For the Windows Systems credentials I entered: casper / green / password (a user in the local Administrators group).
• Windows XP
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
On a Windows XP computer that is a member of a workgroup:
If ForceGuest is enabled (set to 1), SSPI will always try to log on using the Guest account.
If the Guest account is enabled, an SSPI logon will succeed as Guest for any user credentials.
If the Guest account is disabled, an SSPI logon will fail even for valid credentials.
If ForceGuest is disabled (set to 0), SSPI will log on as the specified user.
Guest Account Enabled and Administrator Account Enabled (I connect with the Administrator account)

SNMP (Samsung ML-2571N and Cisco871)


I used iReasoning MIB Browser to obtain the OIDs.
Total pages = .1.3.6.1.2.1.43.10.2.1.4.1.1 (the printer)
1 min CPU utilization = .1.3.6.1.4.1.9.9.109.1.1.1.1.4.1 (the router)

Netflow V5 Custom (Cisco871)


• Receive NetFlow Packets on UDP Port = 9996
• Receive NetFlow Packets on IP = 12.0.0.2
• Active Flow Timeout (Minutes) = 2
• Channel Definition
#10:Torrent
(Protocol[TCP] or Protocol[UDP]) AND (SourcePort[28000] or DestinationPort[28000] or SourcePort[28001] or DestinationPort[28001])

#20:FileServe
Protocol[TCP] AND (SourceIP[209.222.0.0/19] or DestinationIP[209.222.0.0/19] or SourceIP[173.199.64.0/18] or
DestinationIP[173.199.64.0/18] or SourceIP[66.55.128.0/19] or DestinationIP[66.55.128.0/19] or SourceIP[64.237.32.0/19] or
DestinationIP[64.237.32.0/19])

#30:SugarSync
Protocol[TCP] AND (SourceIP[74.201.86.0/25] or DestinationIP[74.201.86.0/25])

#40:FTP Server
Protocol[TCP] AND (DestinationPort[28002] or DestinationPort[20-21] or SourcePort[20-21])

#50:WWW
Protocol[TCP] AND (SourcePort[80] or DestinationPort[80] or SourcePort[443] or DestinationPort[443])

#60:Mail
((Protocol[TCP] or Protocol[UDP]) and (DestinationPort[143] or SourcePort[143] or DestinationPort[220] or SourcePort[220] or
DestinationPort[993] or SourcePort[993] )) OR (Protocol[TCP] and (SourcePort[110] or DestinationPort[110] or SourcePort[995] or
DestinationPort[995])) OR (Protocol[TCP] and (SourcePort[25] or DestinationPort[25]))

#70:RTMP
(Protocol[TCP] or Protocol[UDP]) AND (SourcePort[1935] or DestinationPort[1935])

#80:Infrastructure
(Protocol[UDP] and ((SourcePort[68] and DestinationPort[67]) or (SourcePort[67] and DestinationPort[68]))) OR ((Protocol[TCP] or
Protocol[UDP]) and (SourcePort[53] or DestinationPort[53])) OR (Protocol[TCP] and (SourcePort[113] or DestinationPort[113])) OR
(Protocol[ICMP]) OR (Protocol[TCP] and (SourcePort[161-162] or DestinationPort[161-162]))

#90:NetBIOS
(Protocol[TCP] or Protocol[UDP]) AND (DestinationPort[137-139] or SourcePort[137-139])
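
An added example, not part of the original notes and not PRTG code: a small Python evaluator for the channel-definition syntax above, run on three channels abridged from the list. It assumes that the first matching rule from top to bottom wins and that `and` binds tighter than `or`; the flow field names (`proto`, `src`, `dst`, `sport`, `dport`) and the sample record are constructed for the sketch.

```python
import ipaddress
import re

FIELD = {"SourcePort": "sport", "DestinationPort": "dport", "SourceIP": "src", "DestinationIP": "dst"}
TOKEN = re.compile(r"(\(|\)|and\b|or\b|(\w+)\[([^\]]+)\])", re.I)
# Three channels abridged from the page; the #80 rule wraps across two lines.
DEFINITION = """#20:FileServe
Protocol[TCP] AND (SourceIP[209.222.0.0/19] or DestinationIP[209.222.0.0/19])
#50:WWW
Protocol[TCP] AND (SourcePort[80] or DestinationPort[80] or SourcePort[443] or DestinationPort[443])
#80:Infrastructure
(Protocol[UDP] and ((SourcePort[68] and DestinationPort[67]) or (SourcePort[67] and DestinationPort[68]))) OR
(Protocol[ICMP]) OR (Protocol[TCP] and (SourcePort[161-162] or DestinationPort[161-162]))"""
# Constructed NetFlow-style record: HTTPS towards an address inside the FileServe range.
SAMPLE = {"proto": 6, "src": "192.0.2.10", "dst": "209.222.1.10", "sport": 50000, "dport": 443}

def term(field, arg, flow):
    if field == "Protocol":
        return flow["proto"] == {"ICMP": 1, "TCP": 6, "UDP": 17}[arg.upper()]
    if field.endswith("IP"):
        return ipaddress.ip_address(flow[FIELD[field]]) in ipaddress.ip_network(arg)
    lo, _, hi = arg.partition("-")          # single port or inclusive range such as 161-162
    return int(lo) <= flow[FIELD[field]] <= int(hi or lo)

def matches(rule, flow):
    toks = [m.groups() for m in TOKEN.finditer(rule)] + [("", None, None)]
    def atom():
        raw, field, arg = toks.pop(0)
        if raw != "(":
            return term(field, arg, flow)
        value = chain("or")
        toks.pop(0)                         # closing parenthesis
        return value
    def chain(word):                        # assumed precedence: 'and' binds tighter than 'or'
        operand = atom if word == "and" else (lambda: chain("and"))
        values = [operand()]                # no short-circuit: every token must be consumed
        while toks[0][0].lower() == word:
            toks.pop(0)
            values.append(operand())
        return all(values) if word == "and" else any(values)
    return chain("or")

def classify(definition, flow):
    """Name of the first channel, top to bottom, whose rule matches (assumed PRTG behaviour)."""
    for chunk in re.split(r"^#\d+:", definition, flags=re.M)[1:]:
        name, _, rule = chunk.partition("\n")   # a rule runs until the next '#' line
        if matches(rule, flow):
            return name.strip()
    return "Other"
```

With these three rules, `classify(DEFINITION, SAMPLE)` counts the HTTPS flow as FileServe rather than WWW because #20 is listed first, and an SNMP poll over UDP port 161 matches no channel because the SNMP clause names only Protocol[TCP].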

Monitoring a remote web site


I obtained the information about www.fileserve.com at http://www.encomer.com. The IP address was also entered at http://www.infosniper.net, which gave the location of the servers on Google Maps.

Simion Sebastian Page 1/2 2011/02/23


Channel Definitions
• Group Definitions
#3001:WWW
(Protocol[TCP] and ( SourcePort[80] or DestinationPort[80] or SourcePort[8080] or DestinationPort[8080])) OR (Protocol[TCP] and (SourcePort[443] or DestinationPort[443]))

#3002:FTP/P2P
(Protocol[TCP] and (DestinationPort[20-21] OR SourcePort[20-21]))

#3003:Mail
((Protocol[TCP] or Protocol[UDP]) and ( DestinationPort[143] or SourcePort[143] or DestinationPort[220] or SourcePort[220] or DestinationPort[993] or SourcePort[993] )) OR
(Protocol[TCP] and (SourcePort[110] or DestinationPort[110] or SourcePort[995] or DestinationPort[995])) OR (Protocol[TCP] and (SourcePort[25] or DestinationPort[25]))

#3004:Chat
(Protocol[TCP] and (SourcePort[6667] or DestinationPort[6667])) OR (Protocol[TCP] and (SourcePort[5190] or DestinationPort[5190]))

#3005:Remote Control
(Protocol[TCP] and (SourcePort[3389] or DestinationPort[3389])) OR (Protocol[TCP] and (SourcePort[22] or DestinationPort[22])) OR (Protocol[TCP] and (SourcePort[23] or
DestinationPort[23])) OR (Protocol[TCP] and (SourcePort[5800] or DestinationPort[5800] or SourcePort[5900] or DestinationPort[5900]))

#3007:Infrastructure
(Protocol[UDP] and ((SourcePort[68] and DestinationPort[67]) or (SourcePort[67] and DestinationPort[68]) )) OR ((Protocol[TCP] or Protocol[UDP]) and (SourcePort[53] or
DestinationPort[53])) OR (Protocol[TCP] and (SourcePort[113] or DestinationPort[113])) OR (Protocol[ICMP]) OR (Protocol[TCP] and (SourcePort[161-162] or
DestinationPort[161-162]))

#3008:NetBIOS
((Protocol[TCP] OR Protocol[UDP]) AND (DestinationPort[137-139] OR SourcePort[137-139]))

#3009:Various
(Protocol[UDP]) OR (Protocol[TCP])

• Detail Definitions
#1001:HTTP
Protocol[TCP] and ( SourcePort[80] or DestinationPort[80] or SourcePort[8080] or DestinationPort[8080])

#1023:HTTPS
Protocol[TCP] and (SourcePort[443] or DestinationPort[443])

#1024:FTP (Control)
Protocol[TCP] and (DestinationPort[20-21] OR SourcePort[20-21])

#1006:IMAP
(Protocol[TCP] or Protocol[UDP]) and ( DestinationPort[143] or SourcePort[143] or DestinationPort[220] or SourcePort[220] or DestinationPort[993] or SourcePort[993] )

#1008:POP3
Protocol[TCP] and (SourcePort[110] or DestinationPort[110] or SourcePort[995] or DestinationPort[995])

#1011:SMTP
Protocol[TCP] and (SourcePort[25] or DestinationPort[25])

#1007:IRC
Protocol[TCP] and (SourcePort[6667] or DestinationPort[6667])

#1025:AIM
Protocol[TCP] and (SourcePort[5190] or DestinationPort[5190])

#1009:RDP
Protocol[TCP] and (SourcePort[3389] or DestinationPort[3389])

#1014:SSH
Protocol[TCP] and (SourcePort[22] or DestinationPort[22])

#1016:Telnet
Protocol[TCP] and (SourcePort[23] or DestinationPort[23])

#1017:VNC
Protocol[TCP] and (SourcePort[5800] or DestinationPort[5800] or SourcePort[5900] or DestinationPort[5900])

#1003:DHCP
Protocol[UDP] and ((SourcePort[68] and DestinationPort[67]) or (SourcePort[67] and DestinationPort[68]) )

#1004:DNS
(Protocol[TCP] or Protocol[UDP]) and (SourcePort[53] or DestinationPort[53])

#1005:Ident
Protocol[TCP] and (SourcePort[113] or DestinationPort[113])

#1018:ICMP
Protocol[ICMP]

#1012:SNMP
Protocol[TCP] and (SourcePort[161-162] or DestinationPort[161-162])

#3008:NetBIOS
((Protocol[TCP] OR Protocol[UDP]) AND (DestinationPort[137-139] OR SourcePort[137-139]))

#1021:OtherUDP
Protocol[UDP]

#1022:OtherTCP
Protocol[TCP]

Note: PRTG consists of two services: PRTG 8 Core Server Service and PRTG 8 Probe Service, configured with the Server Admin tool and the Probe Admin tool, respectively.
Note: Use a static IP address as the source of the web server.
Note: Use the testers from Paessler to test WMI, SNMP, etc.
Note: For a quick backup of the monitoring configuration only (i.e. groups, devices, sensors, users, maps, reports, etc.) please back up the file "PRTG Configuration.dat" in the data folder.
